summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sql/modules/Roles.sql136
1 files changed, 126 insertions, 10 deletions
diff --git a/sql/modules/Roles.sql b/sql/modules/Roles.sql
index 7994a6e3..c3ad4650 100644
--- a/sql/modules/Roles.sql
+++ b/sql/modules/Roles.sql
@@ -1,13 +1,83 @@
-- Contacts
+CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
+WITH INHERIT NOLOGIN;
+
+GRANT SELECT ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON employee TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON customer TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON contact_class TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_class TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON location_class TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT SELECT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
CREATE ROLE lsmb_<?lsmb dbname ?>__create_contact
-WITH INHERIT NOLOGIN;
+WITH INHERIT NOLOGIN
+IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+
+GRANT INSERT ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON employee TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON customer TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
CREATE ROLE lsmb_<?lsmb dbname ?>__edit_contact
-WITH INHERIT NOLOGIN;
+WITH INHERIT NOLOGIN
+IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
-CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
-WITH INHERIT NOLOGIN;
+GRANT UPDATE ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON employee TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON customer TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
+GRANT DELETE, INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
CREATE ROLE lsmb_<?lsmb dbname ?>__contact_all_rights
WITH INHERIT NOLOGIN
@@ -19,36 +89,61 @@ lsmb_<?lsmb dbname ?>__read_contact;
CREATE ROLE lsmb_<?lsmb dbname ?>__create_batch
WITH INHERIT NOLOGIN;
-CREATE ROLE lsmb_<?lsmb dbname ?>__create_list_batches
-WITH INHERIT NOLOGIN;
+GRANT INSERT ON batch TO lsmb_<?lsmb dbname ?>__create_batch;
+GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_batch;
+GRANT INSERT ON voucher TO lsmb_<?lsmb dbname ?>__create_batch;
-CREATE ROLE lsmb_<?lsmb dbname ?>__create_post_batches
+CREATE ROLE lsmb_<?lsmb dbname ?>__post_batches
WITH INHERIT NOLOGIN;
+GRANT UPDATE ON ar TO lsmb_<?lsmb dbname ?>__post_batches;
+GRANT UPDATE ON ap TO lsmb_<?lsmb dbname ?>__post_batches;
+GRANT UPDATE ON acc_trans TO lsmb_<?lsmb dbname ?>__post_batches;
+GRANT UPDATE ON batch TO lsmb_<?lsmb dbname ?>__post_batches;
+GRANT UPDATE ON gl TO lsmb_<?lsmb dbname ?>__post_batches;
-- AR
CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
+GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
lsmb_<?lsmb dbname ?>__create_batch;
+GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
+GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice
WITH INHERIT NOLOGIN
-IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
+lsmb_<?lsmb dbname ?>__create_ar_transaction;
+
+GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
+GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
-lsmb_<?lsmb dbname ?>__create_batch;
+lsmb_<?lsmb dbname ?>__create_batch,
+lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
+
+GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
+GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
CREATE ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
+GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
+GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__list_ar_transactions
+GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__list_ar_transactions
+
CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher,
@@ -64,18 +159,30 @@ CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_order
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_order;
+GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_order;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_quotation
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
+GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_orders
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_orders;
+GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_orders;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_quotations
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
+GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__all_ar
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers,
@@ -148,7 +255,8 @@ lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
-- POS
CREATE ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice
WITH INHERIT NOLOGIN
-IN ROLE lsmb_<?lsmb dbname ?>__create_sales_invoice;
+IN ROLE lsmb_<?lsmb dbname ?>__create_sales_invoice,
+lsmb_<?lsmb dbname ?>__create_ar_invoice;
CREATE ROLE lsmb_<?lsmb dbname ?>__close_till
WITH INHERIT NOLOGIN;
@@ -235,6 +343,14 @@ lsmb_<?lsmb dbname ?>__list_ap_transactions;
CREATE ROLE lsmb_<?lsmb dbname ?>__run_yearend
WITH INHERIT NOLOGIN;
+CREATE ROLE lsmb_<?lsmb dbname ?>__create_list_batches
+WITH INHERIT NOLOGIN
+IN ROLE lsmb_<?lsmb dbname ?>__create_list_transactions;
+
+GRANT SELECT ON batch TO lsmb_<?lsmb dbname ?>__create_list_batches;
+GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_list_batches;
+GRANT SELECT ON voucher TO lsmb_<?lsmb dbname ?>__create_list_batches;
+
CREATE ROLE lsmb_<?lsmb dbname ?>__all_gl
WITH INHERIT NOLOGIN
IN ROLE lsmb_<?lsmb dbname ?>__create_transaction,